From patchwork Fri Oct 14 07:38:21 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Johannes Thumshirn <jthumshirn@suse.de>
X-Patchwork-Id: 682145
Return-Path: 
 <linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3swKHR6ztrz9srZ
	for <patchwork-incoming@ozlabs.org>;
	Fri, 14 Oct 2016 18:39:31 +1100 (AEDT)
Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])
	by lists.ozlabs.org (Postfix) with ESMTP id 3swKHR68V1zDt2r
	for <patchwork-incoming@ozlabs.org>;
	Fri, 14 Oct 2016 18:39:31 +1100 (AEDT)
X-Original-To: linuxppc-dev@lists.ozlabs.org
Delivered-To: linuxppc-dev@lists.ozlabs.org
Received: from mx2.suse.de (mx2.suse.de [195.135.220.15])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by lists.ozlabs.org (Postfix) with ESMTPS id 3swKGJ17BCzDt2l
	for <linuxppc-dev@lists.ozlabs.org>;
	Fri, 14 Oct 2016 18:38:32 +1100 (AEDT)
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254])
	by mx2.suse.de (Postfix) with ESMTP id 0A753AC02;
	Fri, 14 Oct 2016 07:38:27 +0000 (UTC)
Date: Fri, 14 Oct 2016 09:38:21 +0200
From: Johannes Thumshirn <jthumshirn@suse.de>
To: Steffen Maier <maier@linux.vnet.ibm.com>
Subject: Re: [PATCH v3 02/16] scsi: don't use fc_bsg_job::request and
	fc_bsg_job::reply directly
Message-ID: <20161014073821.qvkpjtwraqnwzzs3@linux-x5ow.site>
References: <cover.1476369687.git.jthumshirn@suse.de>
	<bbc682928173d64848ab0cbff689b1ad3d715fb7.1476369687.git.jthumshirn@suse.de>
	<ebc46cfa-0bee-aa71-ba0b-d7c86628df0c@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <ebc46cfa-0bee-aa71-ba0b-d7c86628df0c@linux.vnet.ibm.com>
User-Agent: Mutt/1.6.2 (2016-07-01)
X-BeenThere: linuxppc-dev@lists.ozlabs.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Linux on PowerPC Developers Mail List
	<linuxppc-dev.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/linuxppc-dev>,
	<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/linuxppc-dev/>
List-Post: <mailto:linuxppc-dev@lists.ozlabs.org>
List-Help: <mailto:linuxppc-dev-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/linuxppc-dev>,
	<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=subscribe>
Cc: "open list:S390 ZFCP DRIVER" <linux-s390@vger.kernel.org>,
	Dick Kennedy <dick.kennedy@avagotech.com>,
	"James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
	"Martin K . Petersen" <martin.petersen@oracle.com>,
	Linux SCSI Mailinglist <linux-scsi@vger.kernel.org>,
	Anil Gurumurthy <anil.gurumurthy@qlogic.com>,
	"supporter:QLOGIC QLA2XXX FC-SCSI DRIVER" <qla2xxx-upstream@qlogic.com>,
	Sudarsana Kalluru <sudarsana.kalluru@qlogic.com>,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Linux Kernel Mailinglist <linux-kernel@vger.kernel.org>,
	"open list:FCOE SUBSYSTEM \(libfc, libfcoe,
	fcoe\)" <fcoe-devel@open-fcoe.org>,
	Christoph Hellwig <hch@infradead.org>,
	James Smart <james.smart@avagotech.com>,
	Paul Mackerras <paulus@samba.org>, Hannes Reinecke <hare@suse.de>,
	Martin Schwidefsky <schwidefsky@de.ibm.com>,
	Johannes Thumshirn <jth@kernel.org>,
	"open list:LINUX FOR POWERPC \(32-BIT AND 64-BIT\)"
	<linuxppc-dev@lists.ozlabs.org>,
	Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org
Sender: "Linuxppc-dev"
	<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>

On Thu, Oct 13, 2016 at 05:55:11PM +0200, Steffen Maier wrote:
> Hm, still behaves for me like I reported for v2:
> http://marc.info/?l=linux-scsi&m=147637177902937&w=2

Hi Steffen,

Can you please try the following on top of 2/16?




The rational behind this is, in fc_req_to_bsgjob() we're assigning
job->request as req->cmd and job->request_len = req->cmd_len. But without
checkinf job->request_len we don't know whether we're save to touch
job->request (a.k.a. bsg_request).

In the meanwhile I try to reproduce your report here.

Thanks,
	Johannes

diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
index 4149dac..baebaab 100644
--- a/drivers/scsi/scsi_transport_fc.c
+++ b/drivers/scsi/scsi_transport_fc.c
@@ -3786,6 +3786,12 @@ enum fc_dispatch_result {
 	int cmdlen = sizeof(uint32_t);	/* start with length of msgcode */
 	int ret;
 
+	/* check if we really have all the request data needed */
+	if (job->request_len < cmdlen) {
+		ret = -ENOMSG;
+		goto fail_host_msg;
+	}
+
 	/* Validate the host command */
 	switch (bsg_request->msgcode) {
 	case FC_BSG_HST_ADD_RPORT:
@@ -3831,12 +3837,6 @@ enum fc_dispatch_result {
 		goto fail_host_msg;
 	}
 
-	/* check if we really have all the request data needed */
-	if (job->request_len < cmdlen) {
-		ret = -ENOMSG;
-		goto fail_host_msg;
-	}
-
 	ret = i->f->bsg_request(job);
 	if (!ret)
 		return FC_DISPATCH_UNLOCKED;
@@ -3887,6 +3887,12 @@ enum fc_dispatch_result {
 	int cmdlen = sizeof(uint32_t);	/* start with length of msgcode */
 	int ret;
 
+	/* check if we really have all the request data needed */
+	if (job->request_len < cmdlen) {
+		ret = -ENOMSG;
+		goto fail_rport_msg;
+	}
+
 	/* Validate the rport command */
 	switch (bsg_request->msgcode) {
 	case FC_BSG_RPT_ELS: